> > Much better and very detailed analysis (by the same author!) So, it > was not DNS poisoning at all but a change in the DNS settings of the > router, after the box was cracked. (DNSchanger-style) > > http://www.securelist.com/en/blog/208193852/The_tale_of_one_thousand_and_one_DSL_modems > ______________________________________________
DNSSEC alone wouldn't have provided much relief on this, but DNSSEC+DANE+HSTS could. Most of it due to HSTS, but we need to cover the rogue CA attack-vector. Rubens _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
